Auto-Update: 2024-02-08T11:04:28.685963+00:00

This commit is contained in:
cad-safe-bot 2024-02-08 11:04:32 +00:00
parent 286082a05e
commit 9e4116d9aa
24 changed files with 434 additions and 91 deletions


@ -2,7 +2,7 @@
"id": "CVE-2014-125087",
"sourceIdentifier": "cna@vuldb.com",
"published": "2023-02-19T17:15:11.103",
"lastModified": "2023-11-07T02:18:44.827",
"lastModified": "2024-02-08T10:15:08.567",
"vulnStatus": "Modified",
"descriptions": [
{
@ -33,7 +33,7 @@
"impactScore": 5.9
},
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "3.1",
@ -55,7 +55,7 @@
],
"cvssMetricV2": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Secondary",
"cvssData": {
"version": "2.0",
@ -81,7 +81,7 @@
},
"weaknesses": [
{
"source": "1af790b2-7ee1-4545-860a-a788eba489b5",
"source": "cna@vuldb.com",
"type": "Primary",
"description": [
{
@ -131,6 +131,10 @@
"Release Notes"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0009/",
"source": "cna@vuldb.com"
},
{
"url": "https://vuldb.com/?ctiid.221480",
"source": "cna@vuldb.com",


@ -2,7 +2,7 @@
"id": "CVE-2021-44528",
"sourceIdentifier": "support@hackerone.com",
"published": "2022-01-10T14:10:26.117",
"lastModified": "2023-03-14T08:15:12.297",
"lastModified": "2024-02-08T10:15:08.973",
"vulnStatus": "Modified",
"descriptions": [
{
@ -121,6 +121,10 @@
"Third Party Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0003/",
"source": "support@hackerone.com"
},
{
"url": "https://www.debian.org/security/2023/dsa-5372",
"source": "support@hackerone.com"


@ -2,7 +2,7 @@
"id": "CVE-2023-42465",
"sourceIdentifier": "cve@mitre.org",
"published": "2023-12-22T16:15:08.057",
"lastModified": "2024-01-28T04:15:07.590",
"lastModified": "2024-02-08T10:15:09.240",
"vulnStatus": "Modified",
"descriptions": [
{
@ -99,6 +99,10 @@
"url": "https://security.gentoo.org/glsa/202401-29",
"source": "cve@mitre.org"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0002/",
"source": "cve@mitre.org"
},
{
"url": "https://www.openwall.com/lists/oss-security/2023/12/21/9",
"source": "cve@mitre.org",


@ -2,8 +2,8 @@
"id": "CVE-2023-47039",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-02T06:15:13.737",
"lastModified": "2024-01-08T19:02:03.510",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T10:15:09.497",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -132,6 +132,10 @@
"tags": [
"Issue Tracking"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0005/",
"source": "secalert@redhat.com"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-6020",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T21:15:09.443",
"lastModified": "2023-12-06T21:15:08.560",
"lastModified": "2024-02-08T10:15:09.797",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication. The issue is fixed in version 2.8.1+. Ray maintainers' response can be found here: https://www.anyscale.com/blog/update-on-ray-cves-cve-2023-6019-cve-2023-6020-cve-2023-6021-cve-2023-48022-cve-2023-48023"
"value": "LFI in Ray's /static/ directory allows attackers to read any file on the server without authentication."
},
{
"lang": "es",
@ -35,13 +35,15 @@
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
},
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
@ -60,7 +62,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
@ -70,12 +72,12 @@
]
},
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-598"
"value": "CWE-862"
}
]
}
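Review bot: The English description lost the pointer to the Ray maintainers' response (the anyscale.com URL) and now carries only the bare LFI claim; unless that URL is also held in the references array, which lies outside this hunk, this feed no longer exposes the vendor's position on the issue. In the weaknesses hunk CWE-598 is replaced by CWE-862 and the nvd@nist.gov entry becomes Secondary, which moves the weakness class from information exposure to missing authorization, so any downstream mapping keyed on CWE-598 for this CVE needs updating. The description of the entry now marked Primary for security@huntr.dev is outside the hunk, so the CWE that source assigns cannot be confirmed here.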


@ -2,8 +2,8 @@
"id": "CVE-2023-6038",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-11-16T17:15:09.373",
"lastModified": "2023-11-24T23:06:16.283",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T10:15:10.703",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -77,7 +77,7 @@
"description": [
{
"lang": "en",
"value": "CWE-29"
"value": "CWE-862"
}
]
}


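--- /dev/null
+++ b/CVE-2023/CVE-2023-65xx/CVE-2023-6515.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2023-6515",
+"sourceIdentifier": "iletisim@usom.gov.tr",
+"published": "2024-02-08T10:15:11.047",
+"lastModified": "2024-02-08T10:15:11.047",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Authorization Bypass Through User-Controlled Key vulnerability in Mia Technology Inc. M\u0130A-MED allows Authentication Abuse.This issue affects M\u0130A-MED: before 1.0.7.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "iletisim@usom.gov.tr",
+"type": "Primary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "LOW",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 8.8,
+"baseSeverity": "HIGH"
+},
+"exploitabilityScore": 2.8,
+"impactScore": 5.9
+}
+]
+},
+"weaknesses": [
+{
+"source": "iletisim@usom.gov.tr",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-639"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.usom.gov.tr/bildirim/tr-24-0087",
+"source": "iletisim@usom.gov.tr"
+}
+]
+}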
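Review bot: The new description value for CVE-2023-6515 keeps a trailing `\n\n` inside the string, and the same applies to the new CVE-2024-22464 entry (leading `\n` and trailing `\n\n`) and to CVE-2024-23452 (trailing ` \n\n`). The CVE-2023-6889 and CVE-2023-6890 sections in this same commit show NVD later stripping exactly that whitespace as a separate modification, so consumers that diff or hash the description field will register a spurious change on a later sync; normalise whitespace before comparing, or key change detection on `lastModified`. The product name is written as `M\u0130A-MED` with an escaped dotted capital I (U+0130), which is valid JSON but will not match an ASCII search for `MIA-MED`.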


@ -2,12 +2,12 @@
"id": "CVE-2023-6572",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-14T14:15:46.013",
"lastModified": "2023-12-19T18:29:36.817",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T10:15:11.630",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Exposure of Sensitive Information to an Unauthorized Actor in GitHub repository gradio-app/gradio prior to main."
"value": "Command Injection in GitHub repository gradio-app/gradio prior to main."
},
{
"lang": "es",
@ -62,7 +62,7 @@
},
"weaknesses": [
{
"source": "nvd@nist.gov",
"source": "security@huntr.dev",
"type": "Primary",
"description": [
{
@ -72,12 +72,12 @@
]
},
{
"source": "security@huntr.dev",
"source": "nvd@nist.gov",
"type": "Secondary",
"description": [
{
"lang": "en",
"value": "CWE-200"
"value": "CWE-77"
}
]
}
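Review bot: The English description still gives the affected range as `prior to main`, a branch name rather than a release, so no affected-version range can be derived from this record even after the rewrite. The same sync reclassifies the issue from information exposure to command injection (description text and the Secondary CWE moving from CWE-200 to CWE-77), which is a large shift in impact class; the CVSS metric blocks lie outside these hunks, so whether they were rescored to match cannot be confirmed here. Downstream tooling that cached the CWE-200 classification for this CVE should be invalidated.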


@ -2,8 +2,8 @@
"id": "CVE-2023-6693",
"sourceIdentifier": "secalert@redhat.com",
"published": "2024-01-02T10:15:08.930",
"lastModified": "2024-01-08T19:04:42.353",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T10:15:11.967",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -137,6 +137,10 @@
"Issue Tracking",
"Patch"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0004/",
"source": "secalert@redhat.com"
}
]
}


@ -2,12 +2,12 @@
"id": "CVE-2023-6778",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-18T15:15:10.030",
"lastModified": "2023-12-22T14:54:34.047",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T10:15:12.243",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0. This vulnerability affects the ClearML Open Source Server which is not designed to be used as a publicly available service. Security recommendations stress it should be placed behind a company firewall or VPN. This vulnerability only affects users within the same organisation (I.e when a malicious party already has access to the internal network and to a user's ClearML login credentials)."
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository allegroai/clearml-server prior to 1.13.0."
},
{
"lang": "es",
@ -35,26 +35,28 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N",
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "NONE",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "NONE",
"integrityImpact": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 7.5,
"baseSeverity": "HIGH"
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 3.9,
"impactScore": 3.6
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},
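Review bot: The shortened English description drops the deployment-context caveat (the server is not designed as a publicly available service and the attacker already needs internal-network access plus a user's login credentials); that context is not expressible in a CVSS base vector, so triage that reads only this feed now sees a plain stored XSS. In the same sync the secondary v3.0 metric is rescored from 7.5 (`C:N/I:H`) to 5.4 (`PR:L/UI:R/S:C/C:L/I:L`), and its exploitability and impact scores (2.3 / 2.7) now equal those of the preceding metric block visible at the top of the hunk, so the secondary record no longer adds information. Whether the removed caveat survives in the references is outside this hunk.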


@ -2,12 +2,12 @@
"id": "CVE-2023-6889",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-16T09:15:07.270",
"lastModified": "2023-12-19T13:52:23.363",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T10:15:12.730",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.\n\n"
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17."
},
{
"lang": "es",
@ -35,26 +35,28 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:L",
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"integrityImpact": "HIGH",
"availabilityImpact": "LOW",
"baseScore": 6.7,
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},


@ -2,12 +2,12 @@
"id": "CVE-2023-6890",
"sourceIdentifier": "security@huntr.dev",
"published": "2023-12-16T09:15:07.470",
"lastModified": "2023-12-19T13:50:36.190",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T10:15:13.133",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17.\n\n"
"value": "Cross-site Scripting (XSS) - Stored in GitHub repository thorsten/phpmyfaq prior to 3.1.17."
},
{
"lang": "es",
@ -35,26 +35,28 @@
},
"exploitabilityScore": 2.3,
"impactScore": 2.7
},
}
],
"cvssMetricV30": [
{
"source": "security@huntr.dev",
"type": "Secondary",
"cvssData": {
"version": "3.1",
"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:L/A:H",
"version": "3.0",
"vectorString": "CVSS:3.0/AV:N/AC:L/PR:L/UI:R/S:C/C:L/I:L/A:N",
"attackVector": "NETWORK",
"attackComplexity": "LOW",
"privilegesRequired": "HIGH",
"userInteraction": "NONE",
"scope": "UNCHANGED",
"confidentialityImpact": "HIGH",
"privilegesRequired": "LOW",
"userInteraction": "REQUIRED",
"scope": "CHANGED",
"confidentialityImpact": "LOW",
"integrityImpact": "LOW",
"availabilityImpact": "HIGH",
"baseScore": 6.7,
"availabilityImpact": "NONE",
"baseScore": 5.4,
"baseSeverity": "MEDIUM"
},
"exploitabilityScore": 1.2,
"impactScore": 5.5
"exploitabilityScore": 2.3,
"impactScore": 2.7
}
]
},


@ -2,7 +2,7 @@
"id": "CVE-2023-7090",
"sourceIdentifier": "secalert@redhat.com",
"published": "2023-12-23T23:15:07.560",
"lastModified": "2024-02-03T11:15:14.500",
"lastModified": "2024-02-08T10:15:13.540",
"vulnStatus": "Modified",
"descriptions": [
{
@ -119,6 +119,10 @@
"url": "https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html",
"source": "secalert@redhat.com"
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0001/",
"source": "secalert@redhat.com"
},
{
"url": "https://www.sudo.ws/releases/legacy/#1.8.28",
"source": "secalert@redhat.com",


@ -2,8 +2,8 @@
"id": "CVE-2024-0057",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-09T18:15:46.980",
"lastModified": "2024-01-16T18:47:36.267",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T10:15:13.717",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -616,6 +616,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0007/",
"source": "secure@microsoft.com"
}
]
}


@ -2,8 +2,8 @@
"id": "CVE-2024-0297",
"sourceIdentifier": "cna@vuldb.com",
"published": "2024-01-08T05:15:09.393",
"lastModified": "2024-01-11T16:56:14.950",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T09:15:45.773",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",

View File

@ -2,8 +2,8 @@
"id": "CVE-2024-0727",
"sourceIdentifier": "openssl-security@openssl.org",
"published": "2024-01-26T09:15:07.637",
"lastModified": "2024-02-02T15:53:24.320",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T10:15:13.910",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -131,6 +131,10 @@
"Patch"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0006/",
"source": "openssl-security@openssl.org"
},
{
"url": "https://www.openssl.org/news/secadv/20240125.txt",
"source": "openssl-security@openssl.org",


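--- /dev/null
+++ b/CVE-2024/CVE-2024-09xx/CVE-2024-0965.json
@@ -0,0 +1,47 @@
+{
+"id": "CVE-2024-0965",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-02-08T09:15:46.047",
+"lastModified": "2024-02-08T09:15:46.047",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The Simple Page Access Restriction plugin for WordPress is vulnerable to Sensitive Information Exposure in all versions up to, and including, 1.0.21 via the REST API. This makes it possible for unauthenticated attackers to bypass the plugin's page restriction and view page content."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "LOW",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 5.3,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 1.4
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset/3030099/simple-page-access-restriction",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/d99dc270-1b28-4e76-9346-38b2b96be01c?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}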


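--- /dev/null
+++ b/CVE-2024/CVE-2024-12xx/CVE-2024-1207.json
@@ -0,0 +1,51 @@
+{
+"id": "CVE-2024-1207",
+"sourceIdentifier": "security@wordfence.com",
+"published": "2024-02-08T09:15:46.253",
+"lastModified": "2024-02-08T09:15:46.253",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "The WP Booking Calendar plugin for WordPress is vulnerable to SQL Injection via the 'calendar_request_params[dates_ddmmyy_csv]' parameter in all versions up to, and including, 9.9 due to insufficient escaping on the user supplied parameter and lack of sufficient preparation on the existing SQL query. This makes it possible for unauthenticated attackers to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database."
+},
+{
+"lang": "es",
+"value": "El complemento WP Booking Calendar para WordPress es vulnerable a la inyecci\u00f3n SQL a trav\u00e9s del par\u00e1metro 'calendar_request_params[dates_ddmmyy_csv]' en todas las versiones hasta la 9.9 incluida, debido a un escape insuficiente en el par\u00e1metro proporcionado por el usuario y a la falta de preparaci\u00f3n suficiente en la consulta SQL existente. Esto hace posible que atacantes no autenticados agreguen consultas SQL adicionales a consultas ya existentes que pueden usarse para extraer informaci\u00f3n confidencial de la base de datos."
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security@wordfence.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "NONE",
+"userInteraction": "NONE",
+"scope": "UNCHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "HIGH",
+"availabilityImpact": "HIGH",
+"baseScore": 9.8,
+"baseSeverity": "CRITICAL"
+},
+"exploitabilityScore": 3.9,
+"impactScore": 5.9
+}
+]
+},
+"references": [
+{
+"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3032596%40booking&new=3032596%40booking&sfp_email=&sfph_mail=",
+"source": "security@wordfence.com"
+},
+{
+"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7802ed1f-138c-4a3d-916c-80fb4f7699b2?source=cve",
+"source": "security@wordfence.com"
+}
+]
+}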


@ -2,8 +2,8 @@
"id": "CVE-2024-21312",
"sourceIdentifier": "secure@microsoft.com",
"published": "2024-01-09T18:15:55.080",
"lastModified": "2024-01-12T18:46:59.347",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T10:15:14.017",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -347,6 +347,10 @@
"Patch",
"Vendor Advisory"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0008/",
"source": "secure@microsoft.com"
}
]
}


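--- /dev/null
+++ b/CVE-2024/CVE-2024-224xx/CVE-2024-22464.json
@@ -0,0 +1,55 @@
+{
+"id": "CVE-2024-22464",
+"sourceIdentifier": "security_alert@emc.com",
+"published": "2024-02-08T10:15:14.183",
+"lastModified": "2024-02-08T10:15:14.183",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "\nDell EMC AppSync, versions from 4.2.0.0 to 4.6.0.0 including all Service Pack releases, contain an exposure of sensitive information vulnerability in AppSync server logs. A high privileged remote attacker could potentially exploit this vulnerability, leading to the disclosure of certain user credentials. The attacker may be able to use the exposed credentials to access the vulnerable system with privileges of the compromised account.\n\n"
+}
+],
+"metrics": {
+"cvssMetricV31": [
+{
+"source": "security_alert@emc.com",
+"type": "Secondary",
+"cvssData": {
+"version": "3.1",
+"vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:R/S:C/C:H/I:N/A:N",
+"attackVector": "NETWORK",
+"attackComplexity": "LOW",
+"privilegesRequired": "HIGH",
+"userInteraction": "REQUIRED",
+"scope": "CHANGED",
+"confidentialityImpact": "HIGH",
+"integrityImpact": "NONE",
+"availabilityImpact": "NONE",
+"baseScore": 6.2,
+"baseSeverity": "MEDIUM"
+},
+"exploitabilityScore": 1.7,
+"impactScore": 4.0
+}
+]
+},
+"weaknesses": [
+{
+"source": "security_alert@emc.com",
+"type": "Secondary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-532"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://www.dell.com/support/kbdoc/en-us/000221932/dsa-2024-072-security-update-for-dell-emc-appsync-for-vulnerabilities",
+"source": "security_alert@emc.com"
+}
+]
+}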


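--- /dev/null
+++ b/CVE-2024/CVE-2024-234xx/CVE-2024-23452.json
@@ -0,0 +1,44 @@
+{
+"id": "CVE-2024-23452",
+"sourceIdentifier": "security@apache.org",
+"published": "2024-02-08T09:15:46.420",
+"lastModified": "2024-02-08T09:15:46.420",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Request smuggling vulnerability in HTTP server in Apache bRPC 0.9.5~1.7.0 on all platforms allows attacker to smuggle request.\n\nVulnerability Cause Description\uff1a\n\nThe http_parser does not comply with the RFC-7230 HTTP 1.1 specification.\n\nAttack\u00a0scenario:\nIf a message is received with both a Transfer-Encoding and a Content-Length header field, such a message might indicate an attempt to perform request smuggling or response splitting.\nOne particular attack scenario is that a bRPC made http server on the backend receiving requests in one persistent connection from frontend server that uses TE to parse request with the logic that 'chunk' is contained in the TE field. in that case an attacker can smuggle a request into the connection to the backend server.\u00a0\n\nSolution:\nYou can choose one solution from below:\n1. Upgrade bRPC to version 1.8.0, which fixes this issue. Download link: https://github.com/apache/brpc/releases/tag/1.8.0\n 2. Apply this patch:\u00a0 https://github.com/apache/brpc/pull/2518 \n\n"
+},
+{
+"lang": "es",
+"value": "Vulnerabilidad de contrabando de solicitudes en el servidor HTTP en Apache bRPC 0.9.5~1.7.0 en todas las plataformas permite al atacante contrabandear solicitudes. Descripci\u00f3n de la causa de la vulnerabilidad: http_parser no cumple con la especificaci\u00f3n RFC-7230 HTTP 1.1. Escenario de ataque: si se recibe un mensaje con un campo de encabezado Transfer-Encoding y Content-Length, dicho mensaje podr\u00eda indicar un intento de realizar contrabando de solicitudes o divisi\u00f3n de respuestas. Un escenario de ataque particular es que un bRPC cre\u00f3 un servidor http en el backend que recibe solicitudes en una conexi\u00f3n persistente desde el servidor frontend que usa TE para analizar la solicitud con la l\u00f3gica de que el \"fragmento\" est\u00e1 contenido en el campo TE. En ese caso, un atacante puede introducir de contrabando una solicitud en la conexi\u00f3n con el servidor backend. Soluci\u00f3n: Puede elegir una de las siguientes soluciones: 1. Actualice bRPC a la versi\u00f3n 1.8.0, que soluciona este problema. Enlace de descarga: https://github.com/apache/brpc/releases/tag/1.8.0 2. Aplique este parche: https://github.com/apache/brpc/pull/2518"
+}
+],
+"metrics": {},
+"weaknesses": [
+{
+"source": "security@apache.org",
+"type": "Primary",
+"description": [
+{
+"lang": "en",
+"value": "CWE-444"
+}
+]
+}
+],
+"references": [
+{
+"url": "https://github.com/apache/brpc/pull/2518",
+"source": "security@apache.org"
+},
+{
+"url": "https://github.com/apache/brpc/releases/tag/1.8.0",
+"source": "security@apache.org"
+},
+{
+"url": "https://lists.apache.org/thread/kkvdpwyr2s2yt9qvvxfdzon012898vxd",
+"source": "security@apache.org"
+}
+]
+}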


@ -2,8 +2,8 @@
"id": "CVE-2024-23638",
"sourceIdentifier": "security-advisories@github.com",
"published": "2024-01-24T00:15:08.573",
"lastModified": "2024-01-30T23:05:12.243",
"vulnStatus": "Analyzed",
"lastModified": "2024-02-08T10:15:14.500",
"vulnStatus": "Modified",
"descriptions": [
{
"lang": "en",
@ -150,6 +150,10 @@
"tags": [
"Exploit"
]
},
{
"url": "https://security.netapp.com/advisory/ntap-20240208-0010/",
"source": "security-advisories@github.com"
}
]
}


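--- /dev/null
+++ b/CVE-2024/CVE-2024-240xx/CVE-2024-24034.json
@@ -0,0 +1,24 @@
+{
+"id": "CVE-2024-24034",
+"sourceIdentifier": "cve@mitre.org",
+"published": "2024-02-08T09:15:46.537",
+"lastModified": "2024-02-08T09:15:46.537",
+"vulnStatus": "Received",
+"descriptions": [
+{
+"lang": "en",
+"value": "Setor Informatica S.I.L version 3.0 is vulnerable to Open Redirect via the hprinter parameter, allows remote attackers to execute arbitrary code."
+},
+{
+"lang": "es",
+"value": "Setor Informatica S.I.L versi\u00f3n 3.0 es vulnerable a Open Redirect a trav\u00e9s del par\u00e1metro hprinter, permite a atacantes remotos ejecutar c\u00f3digo arbitrario."
+}
+],
+"metrics": {},
+"references": [
+{
+"url": "https://github.com/ELIZEUOPAIN/CVE-2024-24034/tree/main",
+"source": "cve@mitre.org"
+}
+]
+}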
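Review bot: The English description classifies the issue as an Open Redirect via the `hprinter` parameter yet concludes that it "allows remote attackers to execute arbitrary code", an impact that does not follow from a redirect; the Spanish text repeats the contradiction. The record has no weaknesses array, `metrics` is `{}`, and the only reference is a personal GitHub repository, so nothing in it substantiates the code-execution claim. With `vulnStatus` still `Received`, consumers should not derive a severity from the description text and should wait for an NVD-assigned CWE and CVSS vector before prioritising this entry.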


@ -9,13 +9,13 @@ Repository synchronizes with the NVD every 2 hours.
### Last Repository Update
```plain
2024-02-08T07:00:24.311866+00:00
2024-02-08T11:04:28.685963+00:00
```
### Most recent CVE Modification Timestamp synchronized with NVD
```plain
2024-02-08T06:15:51.750000+00:00
2024-02-08T10:15:14.500000+00:00
```
### Last Data Feed Release
@ -29,23 +29,42 @@ Download and Changelog: [Click](https://github.com/fkie-cad/nvd-json-data-feeds/
### Total Number of included CVEs
```plain
237924
237930
```
### CVEs added in the last Commit
Recently added CVEs: `4`
Recently added CVEs: `6`
* [CVE-2024-24202](CVE-2024/CVE-2024-242xx/CVE-2024-24202.json) (`2024-02-08T05:15:08.593`)
* [CVE-2024-0511](CVE-2024/CVE-2024-05xx/CVE-2024-0511.json) (`2024-02-08T06:15:51.423`)
* [CVE-2024-24091](CVE-2024/CVE-2024-240xx/CVE-2024-24091.json) (`2024-02-08T06:15:51.690`)
* [CVE-2024-24216](CVE-2024/CVE-2024-242xx/CVE-2024-24216.json) (`2024-02-08T06:15:51.750`)
* [CVE-2023-6515](CVE-2023/CVE-2023-65xx/CVE-2023-6515.json) (`2024-02-08T10:15:11.047`)
* [CVE-2024-0965](CVE-2024/CVE-2024-09xx/CVE-2024-0965.json) (`2024-02-08T09:15:46.047`)
* [CVE-2024-1207](CVE-2024/CVE-2024-12xx/CVE-2024-1207.json) (`2024-02-08T09:15:46.253`)
* [CVE-2024-23452](CVE-2024/CVE-2024-234xx/CVE-2024-23452.json) (`2024-02-08T09:15:46.420`)
* [CVE-2024-24034](CVE-2024/CVE-2024-240xx/CVE-2024-24034.json) (`2024-02-08T09:15:46.537`)
* [CVE-2024-22464](CVE-2024/CVE-2024-224xx/CVE-2024-22464.json) (`2024-02-08T10:15:14.183`)
### CVEs modified in the last Commit
Recently modified CVEs: `0`
Recently modified CVEs: `17`
* [CVE-2014-125087](CVE-2014/CVE-2014-1250xx/CVE-2014-125087.json) (`2024-02-08T10:15:08.567`)
* [CVE-2021-44528](CVE-2021/CVE-2021-445xx/CVE-2021-44528.json) (`2024-02-08T10:15:08.973`)
* [CVE-2023-42465](CVE-2023/CVE-2023-424xx/CVE-2023-42465.json) (`2024-02-08T10:15:09.240`)
* [CVE-2023-47039](CVE-2023/CVE-2023-470xx/CVE-2023-47039.json) (`2024-02-08T10:15:09.497`)
* [CVE-2023-6020](CVE-2023/CVE-2023-60xx/CVE-2023-6020.json) (`2024-02-08T10:15:09.797`)
* [CVE-2023-6038](CVE-2023/CVE-2023-60xx/CVE-2023-6038.json) (`2024-02-08T10:15:10.703`)
* [CVE-2023-6572](CVE-2023/CVE-2023-65xx/CVE-2023-6572.json) (`2024-02-08T10:15:11.630`)
* [CVE-2023-6693](CVE-2023/CVE-2023-66xx/CVE-2023-6693.json) (`2024-02-08T10:15:11.967`)
* [CVE-2023-6778](CVE-2023/CVE-2023-67xx/CVE-2023-6778.json) (`2024-02-08T10:15:12.243`)
* [CVE-2023-6889](CVE-2023/CVE-2023-68xx/CVE-2023-6889.json) (`2024-02-08T10:15:12.730`)
* [CVE-2023-6890](CVE-2023/CVE-2023-68xx/CVE-2023-6890.json) (`2024-02-08T10:15:13.133`)
* [CVE-2023-7090](CVE-2023/CVE-2023-70xx/CVE-2023-7090.json) (`2024-02-08T10:15:13.540`)
* [CVE-2024-0297](CVE-2024/CVE-2024-02xx/CVE-2024-0297.json) (`2024-02-08T09:15:45.773`)
* [CVE-2024-0057](CVE-2024/CVE-2024-00xx/CVE-2024-0057.json) (`2024-02-08T10:15:13.717`)
* [CVE-2024-0727](CVE-2024/CVE-2024-07xx/CVE-2024-0727.json) (`2024-02-08T10:15:13.910`)
* [CVE-2024-21312](CVE-2024/CVE-2024-213xx/CVE-2024-21312.json) (`2024-02-08T10:15:14.017`)
* [CVE-2024-23638](CVE-2024/CVE-2024-236xx/CVE-2024-23638.json) (`2024-02-08T10:15:14.500`)
## Download and Usage